This disclosure relates to wireless network security systems and methods, and more particularly to systems and methods for analyzing vulnerabilities of wireless networks.
Wireless Local Area Networks (WLANs) offer a quick and effective extension of a wired network or standard local area network (LAN). Over the last few years, some deployments of WLANs have conformed to the Institute of Electrical and Electronics Engineers (IEEE) 802.11b standard that operates over the unregulated 2.4 GHz frequency spectrum. However, it should be understood that other standards, such as 802.11a, 802.11g, and supporting standards such as 802.1X, are being developed to handle increased speeds and enhanced functionality. The various 802.11 standards developed by the IEEE are available for download via URL: http://standards.ieee.org/getieee802/802.11.html; each of which are hereby incorporated by reference.
The mobility of air-bound, wireless networks creates security concerns where threats can come from any direction and are not limited to the wired infrastructure. Established security practices of guarding a few entry points to the network are no longer effective. Because wireless communication is broadcast over radio waves, wireless hackers who merely listen to the airwaves can pick up unencrypted messages. Additionally, messages encrypted with the Wired Equivalent Privacy (WEP) security protocol can be decrypted with a little time and available hacking tools. These passive intruders put businesses at risk of exposing sensitive information to corporate espionage.
The theft of an authorized user's identity also poses a threat. Service Set Identifiers (SSIDs) that act as crude passwords and Media Access Control (MAC) addresses that act as personal identification numbers are often used to verify that clients are authorized to connect with an access point. However, as noted above existing encryption standards are not infallible and allow intruders to pick up approved SSIDs and MAC addresses to connect to a WLAN, posing as an authorized user with the ability to steal bandwidth, and corrupt or download files that may contain sensitive information. Moreover, incorrectly configured access points can provide a hole in WLAN security. Many access points are initially configured to broadcast unencrypted SSIDs of authorized users. While SSIDs are intended to be passwords to verify authorized users, intruders can easily steal an unencrypted SSID to assume the identity of an authorized user.
Further, outsiders who cannot gain access to a WLAN can none-the-less pose security threats by jamming or flooding the airwaves with static noise that causes WLAN signals to collide and produce CRC errors. These Denial-of-Service (DoS) attacks effectively shut down the wireless network in a similar way that DoS attacks affect wired networks.
Careless and deceitful actions by both loyal and disgruntled employees also present security risks and performance issues to wireless networks with unauthorized access points, improper security measures, and network abuses. Because a simple WLAN can be easily installed by attaching a $80 access point to a wired network and a $30 WLAN card to a laptop, employees are deploying unauthorized WLANs or peer-to-peer wireless connections 175 when IT departments are slow to adopt the new technology.
The present disclosure is directed to systems and methods for performing vulnerability analysis in a wireless network. Systems and methods for identifying security vulnerabilities in a wireless network can include a system data store and a control engine. The data store can be configured to store the wireless attack patterns, network default data, and responses received from the wireless network in response to the simulated wireless attacks. The control engine can include a number of processing elements, and is in communication with the system data store. The control engine is further configured to perform steps including: performing simulated wireless attacks on the wireless network by communicating with at least one wireless device on the wireless network; receiving a response to the simulated wireless attack from the wireless network; analyzing the response of the wireless network to the simulated wireless attacks to identify a vulnerability of the wireless network; and, determining which of the wireless attack is most probable to occur based on the analyzed vulnerability, such that steps may be taken to mitigate the analyzed vulnerability.
An example of systems and methods for identifying security vulnerabilities in a wireless network can include the steps of: initiating a simulated attack on the wireless network; scanning wireless devices coupled to the wireless network for responses; analyzing the responses of the wireless devices to the attack; identifying a vulnerability of the wireless network based upon the analysis; and, adapting the wireless devices to mitigate the vulnerability based upon the responses.